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DETAILED ACTION 

1. The amendment filed on December 10, 2003 has been received and entered. Claim 14 is 
cancelled. Claim 24 is now added. Therefore, claims 1-13, and 15-24 are now pending. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 13, 15, 17-19, 21-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Walker et al. (U.S. Pub. No. 2003/002881 1 Al) in view of Schumann et al. (U.S. Pub. No. 
2002/0021805 Al). 

As to claim 13, Walker et al. discloses a method of operating a computer system (See 
page 3, paragraph 0019), comprising: 

scanning the fingerprint of a user to generate user fingerprint data (See page 1, paragraph 
0008, also see page 3, paragraph 0019); 

using said user fingerprint data to access a database of stored fingerprint data and to 
compare said user fingerprint data with stored fingerprint data (See page 2, paragraph 0017); 

assigning an access authorization datum to said user based on the results of 
said comparing step (See page 3, paragraph 0021, wherein "access authorization datum" reads on 
"fingerprint authentication code"); 
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controlling how the user can interact with said computer system based on said assigned 
authorization datum (See page 2, paragraph 0017, wherein "controlling how the user can 
interact" reads on "extent of a user's authorization is determined by the user's profile"). 

Walker et al. does not teach securely communicating between a fingerprint matching 
module interfaced to an authorization module that is interfaced to a resource access module for 
performing said step of using said fingerprint. 

Schumann et al. teaches securely communicating between a fingerprint matching module 
interfaced to an authorization module that is interfaced to a resource access module for 
performing said step of using said fingerprint (See Schumann et al. page 5, paragraphs 0050- 
0054). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time of the invention was made to have modified Walker et al . to include securely 
communicating between a fingerprint matching module interfaced to an authorization module 
that is interfaced to a resource access module for performing said step of using said fingerprint. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have modified Walker et al . by the teaching of Schumann et al. to include securely 
communicating between a fingerprint matching module interfaced to an authorization module 
that is interfaced to a resource access module for performing said step of using said fingerprint 
because having separate interfaces insure more efficient security and authentication mechanism. 



As to claim 15, Walker et al. as modified discloses wherein said scanning step is 
performed using a reading device that is integral with a pointing device of said computer system 
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(See page 2, paragraph 0017, also see pages 3-4, paragraphs 0020-0023, wherein "reading device 
that is integral with a pointing device" reads on "touch screen/pad"). 

As to claim 17, Walker et al. as modified discloses wherein said scanning step is 
performed in response to a predetermined action taken by the user in interacting with said 
computer system (See page 3 , paragraph 00 1 9). 

As to claim 18, Walker et al. as modified discloses wherein said predetermined action is a 
pointing device action taken by the user through operation of a reading device that is integral 
with a pointing device of said computer (See page 2, paragraph 0017, also see pages 3-4, 
paragraphs 0020-0023, wherein "reading device that is integral with a pointing device" reads on 
"touch screen/pad"). 

As to claim 19, Walker et al. as modified discloses wherein said controlling step includes 
controlling network access in a computer system (See pages 2-3, paragraphs 0018-0019). 

As to claim 21, Walker et al. as modified discloses wherein said controlling step includes 
controlling record access in a computer system (See page 3, paragraph 0021). 



As to claim 22, Walker et al. as modified discloses wherein said controlling step includes 
controlling resource access in a computer system (See page 2, paragraphs 0017-0018). 
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As to claim 23, Walker et al. as modified discloses wherein said controlling step includes 
controlling feature access in a computer system (See page 4, paragraphs 0023-0032). 

As to claim 24, Walker et al. as modified discloses wherein each one of said first secure 
interface, said second secure interface and said third secure interface comprising: 

a encryption sub-module encrypting outgoing information from a given secure interface; 

a decryption sub-module decrypting incoming information received by said given secure 
interface (See Schumann et al. page 4, paragraphs 0045-0049, also see Schumann et al. page 5, 
paragraphs 0056-0058). 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-12, 16, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Walker et al. (U.S. Pub. No. 2003/002881 1 Al) in view of Felsher (U.S. Pub. No. 2002/0010679 
Al) and further in view of Schumann et al. (U.S. Pub. No. 2002/0021805 Al). 

As to claim 1, Walker et al. discloses a secure computer resource access system (See 
page 3, paragraph 0019), comprising: 

a fingerprint reading device (See page 4, claim 1 language); 
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a store of fingerprint data corresponding to a plurality of different users (See page 2, 
paragraph 0017); 

an authorization system coupled to said reading device and configured to access said 
store and to associate an authorization level with a user based on the user's fingerprint (See page 
2, paragraph 0017); 

said access mechanism being responsive to said authorization system to control how a 
user can interact with said computer resource based on said associated authorization level (See 
page 2, paragraphs 0012-0013, also see page 3, paragraph 0019). 

Walker et al . does not teach an access mechanism that defines a plurality of different 
authorization levels associated with a plurality of file resources. 

Felsher teaches an access mechanism that defines a plurality of different authorization 
levels associated with a plurality of file resources (See Felsher page 36, paragraphs 0251-0254). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time of the invention was made to have modified Walker et al . to include an access mechanism 
that defines a plurality of different authorization levels associated with a plurality of file 
resources. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have modified Walker et al by the teaching of Felsher to include an access 
mechanism that defines a plurality of different authorization levels associated with a plurality of 
file resources because it provides for secure and cost effective method of database access and 
retrieval. 
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Walker et al . as modified still does not teach said access mechanism including at least 
one fingerprint matching module having a first secure interface to said fingerprint device and at 
least one authorization module having a second secure interface to said fingerprint matching 
module and a third secure interface to at least one resource access module. 

Schumann et al. teaches said access mechanism including at least one fingerprint 
matching module having a first secure interface to said fingerprint device and at least one 
authorization module having a second secure interface to said fingerprint matching module and a 
third secure interface to at least one resource access module (See Schumann et al page 4, 
paragraphs 0045-0049, also see Schumann et al. page 5, paragraphs 0056-0058), 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time of the invention was made to have further modified Walker et al . as modified to include said 
access mechanism including at least one fingerprint matching module having a first secure 
interface to said fingerprint device and at least one authorization module having a second secure 
interface to said fingerprint matching module and a third secure interface to at least one resource 
access module. 

It would have been obvious to one of ordinary skill in the art at the time the invention was made 
to have modified Walker et al . by the teaching of Schumann et al. to include said access 
mechanism including at least one fingerprint matching module having a first secure interface to 
said fingerprint device and at least one authorization module having a second secure interface to 
said fingerprint matching module and a third secure interface to at least one resource access 
module because having separate interfaces insure more efficient security and authentication 
mechanism. 
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As to claim 2, Walker et al. as modified discloses wherein said fingerprint reading device 
is integral with a pointing device of a computer system (See Felsher page 38, paragraph 0285). 

As to claim 3, Walker et al as modified discloses wherein said fingerprint reading device 
is integral with a keyboard device of a computer system (See page 2, paragraph 0017, wherein 
"fingerprint reading device is integral with a keyboard device" reads on "fingerprint 
sensor/keyboard"). 

As to claim 4, Walker et al. as modified discloses wherein said store of fingerprint data 
employs a data structure for storing said fingerprint data in an encrypted format (See Felsher 
page 35, paragraph 0248, also see Felsher abstract). 

As to claim 5, Walker et al. as modified discloses wherein said encrypted format is 
protected by a software key (See Felsher pages 3-4, paragraphs 0043-0044, also see Walker et al. 
page 1, paragraph 0008). 

As to claim 6, Walker et al. as modified discloses wherein said authorization system 
communicates with said store of fingerprint data across an encrypted channel (See Felsher page 
13, paragraph 01 13, also see Felsher pages 35-36, paragraph 0250, also see Felsher page 3, 
paragraph 0043). 
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As to claim 7, Walker et al. as modified discloses wherein said authorization system 
communicates with said store of fingerprint data across a computer network (See pages 2-3, 
paragraphs 0018-0019). 

As to claim 8, Walker et al. as modified discloses wherein said access mechanism 
controls file access within a computer system (See Felsher page 18, paragraph 0131). 

As to claim 9, Walker et al. as modified discloses wherein said access mechanism 
controls network access within a computer system (See pages 2-3, paragraphs 0018-0019). 

As to claim 10, Walker et al. as modified discloses wherein said access mechanism 
controls record access within a computer system (See page 3, paragraph 0021). 

As to claim 11, Walker et al. as modified discloses wherein said access mechanism 
controls resource access within a computer system (See Felsher page 19, paragraph 0133). 

As to claim 12, Walker et al. as modified discloses wherein said access mechanism 
controls feature access within a computer system (See Felsher page 10, paragraph 0091, also see 
Felsher page 19, paragraph 0137). 



As to claim 16, Walker et al. as modified does not teach wherein said scanning step is 
performed periodically as the user interacts with said computer system. 
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Felsher teaches wherein said scanning step is performed periodically as the user interacts 
with said computer system (See page 33, paragraph 0227, also pages 37-38, paragraph 0272- 
0274). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time of the invention was made to have further modified Walker et al . as modified to include 
wherein said scanning step is performed periodically as the user interacts with said computer 
system. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have further modified Walker et al . as modified by the teaching of Felsher to 
include wherein said scanning step is performed periodically as the user interacts with said 
computer system because it provides for secure and efficient method of database access and 
retrieval. 

As to claim 20, Walker et al as modified does not teach wherein said controlling step 
includes controlling file access in a computer system. 

Felsher teaches wherein said controlling step includes controlling file access in a 
computer system (See page 18, paragraph 0131). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time of the invention was made to have further modified Walker et al . as modified to include 
wherein said controlling step includes controlling file access in a computer system. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have further modified Walker et al . as modified by the teaching of Felsher to 
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include wherein said controlling step includes controlling file access in a computer system 
because controlling file access allows for added security and efficiency in accessing computer 
data. 

Response to Arguments 

6. Applicant's arguments with respect to claims 1-13, and 15-24 have been considered but 
are moot in view of the new ground(s) of rejection. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). - 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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8. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Flyntz (U.S. Patent No. 6,351,817 Bl) teaches multi-level secure computer with token- 
based access control. 

Brands (U.S. Patent No. 5,521,980) teaches privacy-protected transfer of electronic 
information. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Neveen Abel-Jalil whose telephone number is 703-305-81 14. 
The examiner can normally be reached on 8:00AM-4: 30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dov Popovici can be reached on 703-305-3830. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Neveen Abel-Jalil 
February 18, 2004 



CHARLES RONES 
PRIMARY EXAMINER 



